mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-13 17:44:56 +08:00
9892628a50
Previously, moderators had full access to all staff action logs, which exposed sensitive information including webhook secrets, API keys, site settings, private messages, and restricted categories. This change implements an allowlist approach where moderators can only see actions relevant to their role (user management, posts, topics, badges, etc.) while admin-only actions (site settings, webhooks, API keys, themes, etc.) are hidden. Additionally, content-level redaction ensures moderators cannot see details of logs referencing private topics, restricted categories, or deleted content they don't have access to. Site setting gates control visibility of category, trust level, and email actions based on existing moderator permission settings. Ref - t/171137 |
||
|---|---|---|
| .. | ||
| chat | ||
| concerns/chat | ||
